forms - Accesslevel

[June7]

You have fields named "admin", "data", "reado"?



Does your userID have admin and data and reado all set to True?

If that is the case, then the last If Then condition will take effect.

Should not be 3 separate If Then structures. Use If Then ElseIf

I would use one field for permission level and assign user a value of "admin" or "data" or "reado".

[ssanfu]

It seems you are making this Access level (menu?) more complicated than it needs to be.

I asked:

1) How many Access levels do you have? Four levels of access

So in the "tblAccessLevel" table, there is

tblAccessLevelID	tblAccessLevel
1	Admin
2	Dev
3	Supervisor (Removed)
4	DataEntry
5	Reader (Read Only)

But you have added (at least) 3 Boolean fields for access level when 1 would suffice.
The default access level should be 5 - Read only. Modify the access level permission as required.


Then I asked:

3) How many Categories are there? There are 10 categories and each one has a unique form.

So the "Category" ("OB01") determine which form opens.


I modified your test dB:
the tables "Catagory" & "tblAccessLevel"
added a table "tblFormNames"
added a form "frmAll", "CardiacForm" & "ObstetricsForm" (the last two are copies of "PaediatricForm" but with colors changed - for testing)
& and changed code.

So the idea is to open the correct form, then set the permissions.....

Kinda crude yes, but functional???


BTW, How is the Access level permissions for "Dev" different from "Admin"

[burrina]

Dev should be for the Developer ONLY with unique abilities to edit security settings. Surprised this thread is still going!

[Sheba]

hey Steve and June7, you guys are awesome. Thank you for the support you're giving me. I have adopted a number of approaches to resolve this issue. Yes, at first, I had a field and for each user, that field had "Admn","Dev","Data" or "Reader". It was simple but at some point, code was not applying the required permission levels so I researched some other methods (using more tables and stuff) and got meself entangled!

Steve

- In my program, successful login calls up switchboard to which ALL 10 forms are linked. Once login is successful, the user clicks on "his" form.

If he clicks on one that is not his, he should get the "not authourised" message
- I logged in to the database you uploaded but for every user login, it gives error 2102: The form name 'ObstetricsForm' is misspelled or refers to a form that doesn't This line of code is highlighted in yellow colour: DoCmd.OpenForm FrmName, , , , , , AccLv1

[June7]

Why should user have to click on 'his' form? Why doesn't code just open the appropriate form? Why do users have different forms? Are these forms all for different purposes - different data?

[Sheba]

The switchboard was the way to go because the application will cater to more than 'these' users. Switchboard has links to another switchboard (incomplete) that will be used for analyses by another set of users). There are different forms because they convey different information. Each one represents a unique category

[ssanfu]

Sheba,
Oop, I was going too fast, trying too many things, making changes on-the-fly and forgot to delete the "_M" from the form names in the "Category" table.
I fixed it and uploaded a new test dB.

It is hard to give good advice when you don't have the full story. I *was* curious why 10 forms..... but it is the full story thing..

I really think you need to separate the Access level code from the form permission code.


Anyway, maybe my menu attempt will give give you some ideas......

[Sheba]

Question: I took the code SELECT code and encased it in an IF statement (like below). but I'm getting error 94: Invalid use of Null
The 'debug' button on the dialogue box is also greyed out

If DLookup("CategoryID", "tblUser", "strPassword='" & Forms!frmLogin.txtPassword & "'") = 122 Then
SELECT Case

...
...

End Select

Else
MsgBox "You are not authorized to view this form"
Cancel = True
DoCmd.Close acForm, Me.Name
Forms!frmLogin.Visible = True
End If

[Sheba]

okay thanks Steve, just seen your update. Just wondering how to still adopt your code to include the switchboard...

[ssanfu]

You are missing part of the command.

SELECT CASE testexpression


Here is how I would write it:
(change IF() control structure to SELECT CASE structure)

Code:

Dim CatID as long     ' << at the top of the procedure

.
. code
.

CatID =  DLookup("CategoryID", "tblUser", "strPassword='" & Forms!frmLogin.txtPassword & "'") 
' CatID now contains 122
 
 SELECT Case CatID
   Case 1
     ...
   Case 122
    ...      'Code goes here for "CategoryID" = 122

   Case Else
     MsgBox "You are not authorized to view this form"
     Cancel = True
     DoCmd.Close acForm, Me.Name
     Forms!frmLogin.Visible = True
 End Select

Just wondering how to still adopt your code to include the switchboard

Not trying to redesign your dB .... Hopefully providing ideas...
You need to do what you are comfortable with.

[Sheba]

brilliant! Steve I'm indebted to you Thank you but just for clarity sake. If I'm going to use catID 122 in the Select Case statement, then I'll have to refer to the other 9 IDs in the Category table wouldn't I? and then repeat the whole code for each form of the 10 forms.
hm...(just thinking out loud here) looks kinda crude? well I'll try that first and hope it works

[Sheba]

thinking deeper... The Case should refer to the different levels of access (i.e. Admn, Dev, Supvr,Data, Reader) shouldn't it? I mean besides the DataEntrant, the Admin or Develop could want access to the form. I'm thinking...

CatID = DLookup("CategoryID", "tblUser", "strPassword='" & Forms!frmLogin.txtPassword & "'")
' CatID now contains 122

SELECT Case CatID
Case 111
.... 'Code goes here for "Admn"
... 'Code goes here for "Dev"

Case 122
... 'Code goes here for "Data"
... 'Code goes here for "Reader"

Case Else
MsgBox "You are not authorized to view this form"
Cancel = True
DoCmd.Close acForm, Me.Name
Forms!frmLogin.Visible = True
End Select

[Sheba]

thinking deeper... The Case should refer to the different levels of access (i.e. Admn, Dev, Supvr,Data, Reader) shouldn't it? I mean besides the DataEntrant, the Admin or Develop could want access to the form. I'm thinking...

CatID = DLookup("CategoryID", "tblUser", "strPassword='" & Forms!frmLogin.txtPassword & "'")
' CatID now contains 122

SELECT Case CatID

Case 111

.... 'Code goes here for "Admn"
... 'Code goes here for "Dev"

Case 122

... 'Code goes here for "Data"
... 'Code goes here for "Reader"

Case Else

MsgBox "You are not authorized to view this form"
Cancel = True
DoCmd.Close acForm, Me.Name
Forms!frmLogin.Visible = True

End Select

[Sheba]

ah yai yai! how do I differentiate between Data and Reader (admn and dev) inside the Case statement

[Sheba]

Below is the code I used but logged in as a Data Entrant, I can still delete a record. Sigh! I feel like I've run a marathon and still come to the same position. I guess I'll just have to Set the darn Form property AllowDeletions to No

dim UserLevel blah blah
dim CatID bla blah

UserLevel = DLookup("AccessLevelID", "tblUser", "strPassword='" & Forms!frmLogin.txtPassword & "'")
CatID = DLookup("CategoryID", "tblUser", "strPassword='" & Forms!frmLogin.txtPassword & "'")

SELECT Case CatID

Case 111

With Me

If userlevel = 1 then

.... 'Code goes here for "Admn"

Elseif userlevel = 2

... 'Code goes here for "Dev"

End If

End with

Case 122

With Me

If userlevel = 4 then

... 'Code goes here for "Data"

Elseif userlevel = 5

... 'Code goes here for "Reader"

End If

End with

Case Else

MsgBox "You are not authorized to view this form"
Cancel = True
DoCmd.Close acForm, Me.Name
Forms!frmLogin.Visible = True

End Select